
Lots of Viruses

Discussion in 'Virus & Other Malware Removal' started by akstacey88, Jan 17, 2006.

Thread Status:
Not open for further replies.
  1. akstacey88

    akstacey88 Thread Starter

    Joined:
    Jul 26, 2005
    Messages:
    125
    Hi Everyone, I have attached a virus report from AVG Antivirus. It lists a lot of viruses. The ones located in the temp files and those that are programs I know how to get rid of, but the ones in the windows folders I am not sure of. If anyone knows anything about these viruses can you please let me know how to remove them.

    With this many viruses would it be easier to just restore the whole computer?

    Thanks,
    Allison
     


  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post your report instead of attaching it as an Excel worksheet, or save it as a txt file instead.
     
  3. akstacey88

    akstacey88 Thread Starter

    Joined:
    Jul 26, 2005
    Messages:
    125
    Sorry, here is the text file
     


  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    :eek:

    Please post an HJT log also.

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. akstacey88

    akstacey88 Thread Starter

    Joined:
    Jul 26, 2005
    Messages:
    125
    Logfile of HijackThis v1.99.1
    Scan saved at 9:48:07 AM, on 1/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\d3ws.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DOCUME~1\access04\LOCALS~1\Temp\58.tmp.exe
    C:\WINDOWS\mscw32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\huhih.dll/sp.html#28129%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\huhih.dll/sp.html#28129%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\huhih.dll/sp.html#28129%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\huhih.dll/sp.html#28129%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\huhih.dll/sp.html#28129%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\huhih.dll/sp.html#28129%resultposition.net
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {05B938F9-A35C-7FA5-AF7A-6515461F6EC5} - C:\WINDOWS\d3hz32.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {249CC0A1-9ABC-B843-D795-80061B76632D} - C:\WINDOWS\system32\mfckp32.dll (file missing)
    O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
    O2 - BHO: Class - {34601DD7-1E8A-D921-D291-3E41DC92883F} - C:\WINDOWS\ipxr32.dll
    O2 - BHO: Class - {4566CC43-0B31-07E0-141A-12FC7D5FF802} - C:\WINDOWS\sysgj32.dll
    O2 - BHO: Class - {4A5C0B03-44B3-2F5D-257F-562F674EEA19} - C:\WINDOWS\system32\javaoc.dll
    O2 - BHO: Class - {69848259-E5F3-2574-2AEE-41BB1DBD3EAC} - C:\WINDOWS\msbh32.dll (file missing)
    O2 - BHO: Class - {6F9D6D55-CAC3-5935-5958-2D75D127FF8E} - C:\WINDOWS\system32\sdkvc32.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Class - {8EC43FEA-7FF7-DB2B-307D-1FF58C69FED9} - C:\WINDOWS\apilf.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {B0432338-0B26-0970-F43D-EAB85388D0FD} - C:\WINDOWS\winbv32.dll (file missing)
    O2 - BHO: Class - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\WINDOWS\winff.dll
    O2 - BHO: Class - {CD1BCDC5-99C0-CFB9-40F9-6D56B649A8C5} - C:\WINDOWS\addro32.dll
    O2 - BHO: Class - {D8DEC485-CE65-A3D0-7970-3801569ABBF8} - C:\WINDOWS\system32\crfy32.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [8e24io24] C:\WINDOWS\system32\8e24io24.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [58.tmp] C:\DOCUME~1\access04\LOCALS~1\Temp\58.tmp.exe
    O4 - HKLM\..\Run: [58.tmp.exe] C:\DOCUME~1\access04\LOCALS~1\Temp\58.tmp.exe
    O4 - HKLM\..\Run: [ieep32.exe] C:\WINDOWS\system32\ieep32.exe
    O4 - HKLM\..\Run: [mscw32.exe] C:\WINDOWS\mscw32.exe
    O4 - HKLM\..\Run: [ipej32.exe] C:\WINDOWS\system32\ipej32.exe
    O4 - HKLM\..\RunOnce: [d3ws.exe] C:\WINDOWS\d3ws.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: C133743 welcome page.url
    O4 - Startup: GM Vehicle Inquiry System.url
    O4 - Startup: GMACCESS.url
    O4 - Startup: Welcome to MSN.com.url
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/AdultAccess/ie/bridge-c420.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.gmdealerpulse.com/download/CfxIEAx.cab
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.placeware.com/etc/place/CHARLIE/CHApws-a1/5.1.8.511/lib/quicksilver.cab
    O16 - DPF: {3ACD344E-42AB-4E3E-AA4D-11219E6C4ADD} (PrintControl Class) - https://www.claimsmanager.adpclaims.com/Falcon/PrintCtrl.ocx
    O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - http://10.182.68.253/apps/common/includes/PC-CONFIG-CHECK.CAB
    O16 - DPF: {A48EC43C-0B53-4CE9-AF08-7AC2BD26F4E3} (VehView Class) - https://www.claimsmanager.adpclaims.com/Falcon/DamagePage.ocx
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://www.webmeeting.att.com/client/webex/ieatgpc.cab
    O16 - DPF: {E1FF9201-E701-40C9-A288-9708E3C2E74D} (Export Class) - https://www.claimsmanager.adpclaims.com/Falcon/ExportCtrl.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GMCA20688W2KDOM.GMA.GMCANADA.COM
    O17 - HKLM\Software\..\Telephony: DomainName = GMCA20688W2KDOM.GMA.GMCANADA.COM
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9749DC5A-2F89-4989-8203-26985FF5A4DE}: NameServer = 10.182.68.8,204.230.103.27
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GMCA20688W2KDOM.GMA.GMCANADA.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = GMCA20688W2KDOM.GMA.GMCANADA.COM
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntsp.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  6. akstacey88

    akstacey88 Thread Starter

    Joined:
    Jul 26, 2005
    Messages:
    125
    Anyone?
     

Short URL to this thread: https://techguy.org/434860